5.10. Application Tag Numbers
Overview
Kerberos messages use ASN.1 application tags to identify message types. Each message type has a unique application tag number.
Assigned Tag Numbers
| Tag | Message Type | Description |
|---|---|---|
| 1 | Ticket | Authentication credential |
| 2 | Authenticator | Proves knowledge of session key |
| 3 | EncTicketPart | Encrypted part of ticket |
| 10 | AS-REQ | Authentication service request |
| 11 | AS-REP | Authentication service reply |
| 12 | TGS-REQ | Ticket-granting service request |
| 13 | TGS-REP | Ticket-granting service reply |
| 14 | AP-REQ | Application request |
| 15 | AP-REP | Application reply |
| 20 | KRB-SAFE | Safe message |
| 21 | KRB-PRIV | Private message |
| 22 | KRB-CRED | Credential message |
| 25 | EncASRepPart | Encrypted part of AS-REP |
| 26 | EncTGSRepPart | Encrypted part of TGS-REP |
| 27 | EncApRepPart | Encrypted part of AP-REP |
| 28 | EncKrbPrivPart | Encrypted part of KRB-PRIV |
| 29 | EncKrbCredPart | Encrypted part of KRB-CRED |
| 30 | KRB-ERROR | Error message |
Purpose
Application tags enable:
- Message type identification
- Proper routing and processing
- Protocol versioning
- Extensibility
Reference
For complete list, refer to RFC 4120 Section 5.10.